// Copyright (c) 2002 Graz University of Technology. All rights reserved.
// 
// Redistribution and use in source and binary forms, with or without modification,
// are permitted provided that the following conditions are met:
// 
// 1. Redistributions of source code must retain the above copyright notice, this
//    list of conditions and the following disclaimer.
// 
// 2. Redistributions in binary form must reproduce the above copyright notice,
//    this list of conditions and the following disclaimer in the documentation
//    and/or other materials provided with the distribution.
// 
// 3. The end-user documentation included with the redistribution, if any, must
//    include the following acknowledgment:
// 
//    "This product includes software developed by IAIK of Graz University of
//     Technology."
// 
//    Alternately, this acknowledgment may appear in the software itself, if and
//    wherever such third-party acknowledgments normally appear.
// 
// 4. The names "Graz University of Technology" and "IAIK of Graz University of
//    Technology" must not be used to endorse or promote products derived from this
//    software without prior written permission.
// 
// 5. Products derived from this software may not be called "IAIK PKCS Wrapper",
//    nor may "IAIK" appear in their name, without prior written permission of
//    Graz University of Technology.
// 
// THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
// PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
// OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
// OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.

package iaik.pkcs.pkcs11.objects;

import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.wrapper.Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;

/**
 * An object of this class represents a certificate as defined by PKCS#11.
 * A certificate is of a specific type: X_509_PUBLIC_KEY, X_509_ATTRIBUTE
 * or VENDOR_DEFINED. If an application needs to use vendor-defined
 * certificates,  it must set a VendorDefinedCertificateBuilder using the
 * setVendorDefinedCertificateBuilder method.
 *
 * @author Karl Scheibelhofer
 * @version 1.0
 * @invariants (certificateType_ <> null)
 *             and (trusted_ <> null)
 */
public class Certificate extends Storage {

	/**
	 * This interface defines the available certificate types as defined by PKCS#11:
	 * X_509_PUBLIC_KEY, X_509_ATTRIBUTE or VENDOR_DEFINED.
	 *
	 * @author Karl Scheibelhofer
	 * @version 1.0
	 * @invariants
	 */
	public interface CertificateType {

		/**
		 * The identifier for a X.509 public key certificate.
		 */
		static public final Long X_509_PUBLIC_KEY = new Long(PKCS11Constants.CKC_X_509);

		/**
		 * The identifier for a X.509 attribute certificate.
		 */
		static public final Long X_509_ATTRIBUTE = new Long(
		    PKCS11Constants.CKC_X_509_ATTR_CERT);

		/**
		 * The identifier for a WTL certificate.
		 */
		static public final Long WTLS = new Long(PKCS11Constants.CKC_WTLS);

		/**
		 * The identifier for a vendor-defined certificate. Any Long object with a
		 * value bigger than this one is also a valid vendor-defined certificate
		 * type identifier.
		 */
		static public final Long VENDOR_DEFINED = new Long(PKCS11Constants.CKC_VENDOR_DEFINED);

	}

	/**
	 * If an application uses vendor defined certificates, it must implement this
	 * interface and install such an object handler using
	 * setVendorDefinedCertificateBuilder.
	 *
	 * @author Karl Scheibelhofer
	 * @version 1.0
	 * @invariants
	 */
	public interface VendorDefinedCertificateBuilder {

		/**
		 * This method should instanciate an Object of this class or of any
		 * sub-class. It can use the given handles and PKCS#11 module to retrieve
		 * attributes of the PKCS#11 object from the token.
		 *
		 * @param session The session to use for reading attributes.
		 *                This session must have the appropriate rights; i.e.
		 *                it must be a user-session, if it is a private object.
		 * @param objectHandle The object handle as given from the PKCS#111 module.
		 * @return The object representing the PKCS#11 object.
		 *         The returned object can be casted to the
		 *         according sub-class.
		 * @exception PKCS11Exception If getting the attributes failed.
		 * @preconditions (session <> null)
		 * @postconditions (result <> null) 
		 */
		public Object build(Session session, long objectHandle)
		    throws PKCS11Exception;

	}

	/**
	 * The currently set vendor defined certificate builder, or null.
	 */
	protected static VendorDefinedCertificateBuilder vendorCertificateBuilder_;

	/**
	 * The type of this certificate. One of CertificateType, or one that has a
	 * bigger value than VENDOR_DEFINED.
	 */
	protected CertificateTypeAttribute certificateType_;

	/**
	 * Indicates, if this certificate can be trusted.
	 */
	protected BooleanAttribute trusted_;

	/**
	 * Categorization of the certificate:
	 * 0 = unspecified (default),
	 * 1 = token user,
	 * 2 = authority,
	 * 3 = other entity.
	 */
	protected LongAttribute certificateCategory_;

	/**
	 * Checksum of this certificate.
	 */
	protected ByteArrayAttribute checkValue_;

	/**
	 * The start date of this certificate's validity.
	 */
	protected DateAttribute startDate_;

	/**
	 * The end date of this certificate's validity.
	 */
	protected DateAttribute endDate_;

	/**
	 * The default constructor. An application use this constructor to instanciate
	 * a certificate that serves as a template. It may also be useful for working with
	 * vendor-defined certificates.
	 *
	 * @preconditions
	 * @postconditions
	 */
	public Certificate() {
		super();
		objectClass_.setLongValue(ObjectClass.CERTIFICATE);
	}

	/**
	 * Constructor taking the reference to the PKCS#11 module for accessing the
	 * object's attributes, the session handle to use for reading the attribute
	 * values and the object handle. This constructor read all attributes that
	 * a storage object must contain.
	 *
	 * @param session The session to use for reading attributes.
	 *                This session must have the appropriate rights; i.e.
	 *                it must be a user-session, if it is a private object.
	 * @param objectHandle The object handle as given from the PKCS#111 module.
	 * @exception TokenException If getting the attributes failed.
	 * @preconditions (session <> null)
	 * @postconditions
	 */
	protected Certificate(Session session, long objectHandle)
	    throws TokenException
	{
		super(session, objectHandle);
		objectClass_.setLongValue(ObjectClass.CERTIFICATE);
	}

	/**
	 * Get the given certificate type as string.
	 *
	 * @param certificateType The certificate type to get as string.
	 * @return A string denoting the object certificate type; e.g. "X.509 Public Key".
	 * @preconditions (certificateType <> null)
	 * @postconditions (result <> null) 
	 */
	public static String getCertificateTypeName(Long certificateType) {
		String certificateTypeName;

		if (certificateType == null) {
			throw new NullPointerException("Argument \"certificateType\" must not be null.");
		}

		if (certificateType.equals(CertificateType.X_509_PUBLIC_KEY)) {
			certificateTypeName = "X.509 Public Key";
		} else if (certificateType.equals(CertificateType.X_509_ATTRIBUTE)) {
			certificateTypeName = "X.509 Attribute";
		} else if ((certificateType.longValue() & CertificateType.VENDOR_DEFINED.longValue()) != 0L) {
			certificateTypeName = "Vendor Defined";
		} else {
			certificateTypeName = "<unknown>";
		}

		return certificateTypeName;
	}

	/**
	 * The getInstance method of the Object class uses this method to create
	 * an instance of a PKCS#11 certificate. This method reads the certificate
	 * type attribute and calls the getInstance method of the according sub-class.
	 * If the certificate type is a vendor defined it uses the
	 * VendorDefinedCertificateBuilder set by the application. If no certificate
	 * could be constructed, this method returns null.
	 *
	 * @param session The session to use for reading attributes.
	 *                This session must have the appropriate rights; i.e.
	 *                it must be a user-session, if it is a private object.
	 * @param objectHandle The object handle as given from the PKCS#111 module.
	 * @return The object representing the PKCS#11 object.
	 *         The returned object can be casted to the
	 *         according sub-class.
	 * @exception TokenException If getting the attributes failed.
	 * @preconditions (session <> null)
	 * @postconditions (result <> null) 
	 */
	public static Object getInstance(Session session, long objectHandle)
	    throws TokenException
	{
		if (session == null) {
			throw new NullPointerException("Argument \"session\" must not be null.");
		}

		CertificateTypeAttribute certificateTypeAttribute = new CertificateTypeAttribute();
		getAttributeValue(session, objectHandle, certificateTypeAttribute);

		Long certificateType = certificateTypeAttribute.getLongValue();

		Object newObject;

		if (certificateTypeAttribute.isPresent() && (certificateType != null)) {
			if (certificateType.equals(CertificateType.X_509_PUBLIC_KEY)) {
				newObject = X509PublicKeyCertificate.getInstance(session, objectHandle);
			} else if (certificateType.equals(CertificateType.X_509_ATTRIBUTE)) {
				newObject = X509AttributeCertificate.getInstance(session, objectHandle);
			} else if (certificateType.equals(CertificateType.WTLS)) {
				newObject = WTLSCertificate.getInstance(session, objectHandle);
			} else if ((certificateType.longValue() & CertificateType.VENDOR_DEFINED
			    .longValue()) != 0L) {
				newObject = getUnknownCertificate(session, objectHandle);
			} else {
				newObject = getUnknownCertificate(session, objectHandle);
			}
		} else {
			newObject = getUnknownCertificate(session, objectHandle);
		}

		return newObject;
	}

	/**
	 * Try to create a certificate which has no or an unkown certificate type 
	 * attribute.
	 * This implementation will try to use a vendor defined certificate builder, 
	 * if such has been set. If this is impossible or fails, it will create just
	 * a simple {@link iaik.pkcs.pkcs11.objects.Certificate Certificate }.
	 * 
	 * @param session The session to use.
	 * @param objectHandle The handle of the object
	 * @return A new Object.
	 * @throws TokenException If no object could be created.
	 * @preconditions (session <> null)
	 * @postconditions (result <> null)
	 */
	protected static Object getUnknownCertificate(Session session, long objectHandle)
	    throws TokenException
	{
		if (session == null) {
			throw new NullPointerException("Argument \"session\" must not be null.");
		}

		Object newObject;
		if (vendorCertificateBuilder_ != null) {
			try {
				newObject = vendorCertificateBuilder_.build(session, objectHandle);
			} catch (PKCS11Exception ex) {
				// we can just treat it like some unknown type of certificate
				newObject = new Certificate(session, objectHandle);
			}
		} else {
			// we can just treat it like some unknown type of certificate
			newObject = new Certificate(session, objectHandle);
		}

		return newObject;
	}

	/**
	 * Set a vendor-defined certificate builder that should be called to create an
	 * instance of an vendor-defined PKCS#11 certificate; i.e. an instance of a
	 * vendor defined sub-class of this class.
	 *
	 * @param builder The vendor-defined certificate builder. Null to clear any
	 *                previously installed vendor-defined builder.
	 * @preconditions
	 * @postconditions
	 */
	public static void setVendorDefinedCertificateBuilder(VendorDefinedCertificateBuilder builder)
	{
		vendorCertificateBuilder_ = builder;
	}

	/**
	 * Get the currently set vendor-defined certificate builder.
	 *
	 * @return The currently set vendor-defined certificate builder or null if
	 *         none is set.
	 * @preconditions
	 * @postconditions
	 */
	public static VendorDefinedCertificateBuilder getVendorDefinedCertificateBuilder() {
		return vendorCertificateBuilder_;
	}

	/**
	 * Put all attributes of the given object into the attributes table of this
	 * object. This method is only static to be able to access invoke the
	 * implementation of this method for each class separately (see use in
	 * clone()).
	 *
	 * @param object The object to handle.
	 * @preconditions (object <> null)
	 * @postconditions
	 */
	protected static void putAttributesInTable(Certificate object) {
		if (object == null) {
			throw new NullPointerException("Argument \"object\" must not be null.");
		}

		object.attributeTable_.put(Attribute.CERTIFICATE_TYPE, object.certificateType_);
		object.attributeTable_.put(Attribute.TRUSTED, object.trusted_);
		object.attributeTable_.put(Attribute.CERTIFICATE_CATEGORY,
		    object.certificateCategory_);
		object.attributeTable_.put(Attribute.CHECK_VALUE, object.checkValue_);
		object.attributeTable_.put(Attribute.START_DATE, object.startDate_);
		object.attributeTable_.put(Attribute.END_DATE, object.endDate_);
	}

	/**
	 * Allocates the attribute objects for this class and adds them to the
	 * attribute table.
	 *
	 * @preconditions
	 * @postconditions
	 */
	protected void allocateAttributes() {
		super.allocateAttributes();

		certificateType_ = new CertificateTypeAttribute();
		trusted_ = new BooleanAttribute(Attribute.TRUSTED);
		certificateCategory_ = new LongAttribute(Attribute.CERTIFICATE_CATEGORY);
		checkValue_ = new ByteArrayAttribute(Attribute.CHECK_VALUE);
		startDate_ = new DateAttribute(Attribute.START_DATE);
		endDate_ = new DateAttribute(Attribute.END_DATE);

		putAttributesInTable(this);
	}

	/**
	 * Create a (deep) clone of this object.
	 *
	 * @return A clone of this object.
	 * @preconditions
	 * @postconditions (result <> null)
	 *                 and (result instanceof Certificate)
	 *                 and (result.equals(this))
	 */
	public java.lang.Object clone() {
		Certificate clone = (Certificate) super.clone();

		clone.certificateType_ = (CertificateTypeAttribute) this.certificateType_.clone();
		clone.trusted_ = (BooleanAttribute) this.trusted_.clone();
		clone.certificateCategory_ = (LongAttribute) this.certificateCategory_.clone();
		clone.checkValue_ = (ByteArrayAttribute) this.checkValue_.clone();
		clone.startDate_ = (DateAttribute) this.startDate_.clone();
		clone.endDate_ = (DateAttribute) this.endDate_.clone();

		putAttributesInTable(clone); // put all cloned attributes into the new table

		return clone;
	}

	/**
	 * Compares all member variables of this object with the other object.
	 * Returns only true, if all are equal in both objects.
	 *
	 * @param otherObject The other object to compare to.
	 * @return True, if other is an instance of this class and all member
	 *         variables of both objects are equal. False, otherwise.
	 * @preconditions
	 * @postconditions
	 */
	public boolean equals(java.lang.Object otherObject) {
		boolean equal = false;

		if (otherObject instanceof Certificate) {
			Certificate other = (Certificate) otherObject;
			equal = (this == other)
			    || (super.equals(other) && this.certificateType_.equals(other.certificateType_)
			        && this.trusted_.equals(other.trusted_)
			        && this.certificateCategory_.equals(other.certificateCategory_)
			        && this.checkValue_.equals(other.checkValue_)
			        && this.startDate_.equals(other.startDate_) && this.endDate_
			          .equals(other.endDate_));
		}

		return equal;
	}

	/**
	 * Gets the certificate type attribute of the PKCS#11 certificate. Its value
	 * must be one of those defined in the CertificateType interface or one with
	 * an value bigger than CertificateType.VENDOR_DEFINED.
	 *
	 * @return The certificate type attribute.
	 * @preconditions
	 * @postconditions (result <> null)
	 */
	public LongAttribute getCertificateType() {
		return certificateType_;
	}

	/**
	 * Gets the trusted attribute of the PKCS#11 certificate.
	 *
	 * @return The trusted attribute.
	 * @preconditions
	 * @postconditions (result <> null)
	 */
	public BooleanAttribute getTrusted() {
		return trusted_;
	}

	/**
	 * Gets the certificate category attribute of the PKCS#11 certificate.
	 * 
	 * @return The certificate category attribute.
	 * @preconditions
	 * @postconditions (result <> null)
	 */
	public LongAttribute getCertificateCategory() {
		return certificateCategory_;
	}

	/**
	 * Gets the check value attribute of of the PKCS#11 certificate.
	 *
	 * @return The check value attribute.
	 * @preconditions
	 * @postconditions (result <> null)
	 */
	public ByteArrayAttribute getCheckValue() {
		return checkValue_;
	}

	/**
	 * Gets the start date attribute of the validity of the PKCS#11 certificate.
	 *
	 * @return The start date of validity.
	 * @preconditions
	 * @postconditions (result <> null)
	 */
	public DateAttribute getStartDate() {
		return startDate_;
	}

	/**
	 * Gets the end date attribute of the validity of the PKCS#11 certificate.
	 *
	 * @return The end date of validity.
	 * @preconditions
	 * @postconditions (result <> null)
	 */
	public DateAttribute getEndDate() {
		return endDate_;
	}

	/**
	 * The overriding of this method should ensure that the objects of this class
	 * work correctly in a hashtable.
	 *
	 * @return The hash code of this object.
	 * @preconditions
	 * @postconditions
	 */
	public int hashCode() {
		return certificateType_.hashCode();
	}

	/**
	 * Read the values of the attributes of this object from the token.
	 *
	 * @param session The session handle to use for reading attributes.
	 *                This session must have the appropriate rights; i.e.
	 *                it must be a user-session, if it is a private object.
	 * @exception TokenException If getting the attributes failed.
	 * @preconditions (session <> null)
	 * @postconditions
	 */
	public void readAttributes(Session session)
	    throws TokenException
	{
		super.readAttributes(session);

		//    Object.getAttributeValue(session, objectHandle_, trusted_);
		Object.getAttributeValues(session, objectHandle_, new Attribute[] { trusted_,
		    certificateCategory_, checkValue_, startDate_, endDate_ });
	}

	/**
	 * This method returns a string representation of the current object. The
	 * output is only for debugging purposes and should not be used for other
	 * purposes.
	 *
	 * @return A string presentation of this object for debugging output.
	 * @preconditions
	 * @postconditions (result <> null)
	 */
	public String toString() {
		StringBuffer buffer = new StringBuffer(128);

		buffer.append(super.toString());

		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.INDENT);
		buffer.append("Certificate Type: ");
		if (certificateType_ != null) {
			buffer.append(certificateType_.toString());
		} else {
			buffer.append("<unavailable>");
		}

		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.INDENT);
		buffer.append("Trusted: ");
		buffer.append(trusted_.toString());

		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.INDENT);
		buffer.append("Certificate Category: ");
		buffer.append(certificateCategory_.toString());

		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.INDENT);
		buffer.append("Check Value: ");
		buffer.append(checkValue_.toString());

		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.INDENT);
		buffer.append("Start Date: ");
		buffer.append(startDate_.toString());

		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.INDENT);
		buffer.append("End Date: ");
		buffer.append(endDate_.toString());

		return buffer.toString();
	}

}
